You can cause XSS by using ?XSS=